Novell Home

CVE-2013-1362

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1362 at MITRE

Description

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 807241

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Builds
SAT Patch Nr: 8033
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Builds
SAT Patch Nr: 8032

© 2014 Novell